Tag Archive for: phish

Salesforce Zero-Day Exploited to Phish Facebook Credentials


Attackers were recently spotted exploiting a zero-day flaw in Salesforce’s email and SMTP services in a sophisticated phishing campaign aimed at stealing credentials from Facebook users.

Guardio researchers detected cyberattackers sending targeted phishing emails with @salesforce.com addresses using the legitimate Salesforce infrastructure. An investigation revealed that they were able to exploit a Salesforce email-validation flaw to hide behind the domain’s trusted status with users and email protections alike.

The sender of the emails claimed to be “Meta Platforms,” and the messages included legitimate links to the Facebook platform, further bolstering legitimacy.

“It’s a no-brainer why we’ve seen this email slipping through traditional anti-spam and anti-phishing mechanisms,” Guardio Labs’ Oleg Zaytsev and Nati Tal noted in their post. “It includes legit links (to facebook.com) and is sent from a legit email address of @salesforce.com, one of the world’s leading CRM providers.”

The messages directed recipients via a button to a legitimate Facebook domain, apps.facebook.com, where content had been altered to inform them that they’d violated Facebook’s terms of service. From there, another button led to a phishing page that collected personal details, including full name, account name, email address, phone number, and password.

Nonetheless, “there is no evidence of impact to customer data,” Salesforce told Guardio. The flaw, meanwhile, has been fixed.

Abuse of Discontinued Facebook Games

On the Facebook side, attackers abused apps.facebook.com by creating a Web app game, which allows customized canvases. Facebook has discontinued the ability to create legacy game canvases, but existing games that were developed prior to the end of the feature were grandfathered in. It appears that malicious actors abused access to these accounts, the researchers said.

In doing this, they could “insert malicious domain content directly into the Facebook platform — presenting a phishing kit designed specifically to steal Facebook accounts including two-factor authentication (2FA) mechanism bypasses,” the researchers said, adding that Facebook parent Meta “quickly removed the…


Latvia says Russian hackers tried to phish its Ministry of Defence


Russian hackers are being blamed for an attempted phishing attack against the Latvian Ministry of Defence.

Gamaredon, a Russian state-sponsored cyberespionage group, used a domain name (admou[.]org) already linked to the gang through earlier attacks designed to steal information and gain access to networks run by Ukraine and its allies.

Researchers at French security outfit Sekoia explained that the hackers sent spear phishing emails to the Latvian MoD while posing as officials of the Ukrainian Ministry of Defence.

It appears that at least one of the recipients was suspicious of the message and its attachment, as it was uploaded to the VirusTotal service for scanning.

Smuggled inside the email attachment was malicious code which launched a sequence of processes, designed to help hackers steal information from their intended targets within Latvia’s Ministry of Defence.

As The Record describes, what made the investigation into the attack unusual is that once the Gamaredon hacking group realised its attack was being investigated, it began to communicate with the researchers:

A CERT-LV spokesperson told The Record that hackers sent a meme depicting a Russian bear holding a paw on Ukraine, while the U.S. and EU try to contain it.

FSB-linked Gamaredon (which is also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder) has been attacking organisations outside of Russia for at least ten years.

Last year, for instance, Gamaredon hackers reportedly attempted to hack into a petroleum-refining company located in a NATO country, and targeted military and government institutions in Ukraine with booby-trapped Word documents.

The Latvian Ministry of Defence says that the attempted phishing attack launched against it by the Gamaredon group was unsuccessful.

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyberattacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists and Kremlin-backed hackers targeting critical infrastructure, businesses, and Latvia’s government.


TAC Security Launches ESOF Phish Infielder Tool to Help Organizations Prevent Phishing Attacks


SAN FRANCISCO, March 8, 2022: TAC Security, a global leader in innovative Vulnerability and Risk Management solutions, announced today the launch of the ESOF® Phish InFielder tool, the most powerful anti-phishing framework for an enterprise’s network or application. Organizations can access the Phish Infielder tool through ESOF VMDR, the next generation platform for vulnerability and risk management.

“As phishing attacks become more sophisticated and the stakes increase as more sensitive information is stored online, it’s imperative that organizations of every size take proactive steps to maximize the effectiveness of every layer of their cybersecurity stacks,” said Trishneet Arora, TAC Security’s founder and CEO. “TAC Security’s ESOF VMDR solution and its Phish Infielder tool offer businesses a simple solution to upgrade their anti-phishing strategies by recognizing, reporting and responding to an attack.”

ESOF Phish Infielder is a complete solution that defends against malicious attacks and tactics, while also providing data-driven insights in real time. Features of ESOF Phish Infielder include:

  • Risk-based campaigns – Run risk-based campaigns to monitor employees and raise security threats for users.
  • Group-level metrics – Receive metrics at the individual, departmental and organizational level that inform IT teams about the effectiveness of a phishing template in a test group.
  • Reporting dashboard – Use the reporting dashboard to view real-time phishing scores including emails sent, clicks and open rates.
  • Active phishing response – Flag phishing incidents that require immediate attention.

Organizations can use Phish Infielder to measure human risks and vulnerabilities in a controlled environment by targeting employees with simulated phishing campaigns using templates provided by TAC Security. Campaign execution is automatic and real-time results can be found in the organization’s dashboard.

About ESOF VMDR

ESOF VMDR offers the widest vulnerability management coverage in a single platform. Its next generation vulnerability management combines legacy vulnerability assessment with multiple security tools to analyze mobile, phishing, SIEM, people, GRC and threat…


Real Big Phish: Mobile Phishing & Managing User Fallibility – Threatpost